REMARKS 

The Office Action dated June 28, 2005, has been received and carefully noted. 
The above amendments to the claims, and the following remarks, are submitted as a full 
and complete response thereto. Claims 1, 27, and 37 have been amended to more 
particularly point out and distinctly claim the subject matter of the invention. No new 
matter has been added, and no new issues are raised that require further consideration 
and/or search. Claims 1-24, 26-54, 56, and 59 are respectfully submitted for 
consideration. 

Initial Matters 

In Applicant's request for continued examination (RCE), Applicant provided 
various arguments and amendments as to the patentability of the claims in view of the 
cited references. The arguments presented in the Office Action do not indicate that 
Applicant's arguments have been considered, although the Office Action indicates that 
Applicant's RCE has been entered, and the Office Action discusses the amended claim 
language. 

As explained in MPEP 707.07(f): "Where the applicant traverses any rejection, 
the examiner should, if he or she repeats the rejection, take note of the applicant's 
argument and answer the substance of it." 

Additionally, the Advisory Action (paper 032205) of March 28, 2005, stated that 
the "new changes [referring to Applicant's amendments] introduce new issues that would 
require further consideration and/or thorough search." Yet it appears that Applicant's 
arguments have not been considered. 

Accordingly, it is respectfully requested that, if the claims are not considered to be 
in condition for allowance, the next action considering Applicant's arguments from 
the RCE be made non-final. In any event, as discussed below, Applicant submits that the 
claimed invention recites subject matter which is neither disclosed nor suggested in the 
cited prior art. 

Rejections under 35 U.S.C. 112 

Claims 1, 27, and 37 were rejected under the second paragraph of 35 U.S.C. 112 
as being indefinite in view of the specification. Specifically, the Office Action states that 
the specification states that the intermediate communication route can be either secure or 
insecure, but the claim states "over one of said relatively insecure intermediate network 
and said relatively secure intermediate network." The Office Action refers to the rule 
permitting Applicant to act as a lexicographer. With regard to the claim language in 
question, Applicant is not acting as a lexicographer. Accordingly, the claims were not 
indefinite with the language described. Nevertheless, to expedite prosecution, the claim 
has been amended. Because the amendments are not intended to, and should not be 
construed to alter the scope of the claims, the amendments are not narrowing 
amendments. 

Rejections under 35 U.S.C. 103 

Claims 1-23, 26-54, and 56 were rejected under 35 U.S.C. 103(a) as obvious over 
U.S. Patent No. 5,548,649 of Jacobson ("Jacobson") in view of U.S. Patent No. 
5,940,591 of Boyle et al. ("Boyle"). The Office Action states that Jacobson teaches all 
the features of the claims except the distribution and/or routing of security information 
between the first network and the second network. The Office Action states that Boyle 
remedies the deficiencies of Jacobson. Applicant respectfully traverses this rejection. 

Claim 1, upon which claims 2-24 are dependent, recites a method for secure 
communication between a first end terminal located in a first secure network and a 
second end terminal located in a second secure network. The first and second networks 
are separated by a relatively insecure intermediate network and a relatively secure 
intermediate network. The method includes selectively routing, over the relatively 
insecure intermediate network or the relatively secure intermediate network, a 
predetermined type of communication identified by a trigger from the first end terminal 
to the second end terminal over the relatively insecure intermediate network by means of 
at least one network element triggerable to refer to information held in a storage means to 
selectively route the communication according to the information held in the storage 
means. The method also includes encrypting the selectively routed communication by 
means of an encryption engine before it traverses the intermediate network. The at least 
one network element and the encryption engine are located substantially within the first 
secure network. 

Claim 26 recites a method for the distribution of security information between a 
first node in a first secure network and at least one node in a second secure network. The 
first and the second networks are separated by a relatively insecure network. 
Communications from the first node to the at least one second node via the relatively 
insecure network are encrypted. The method includes the step of providing at least one 
network element operable to store security information and triggerable to distribute the 
security information in a secure manner from the first node to at least one target node in 
the second secure network. 

Claim 27, upon which claims 28-36 are dependent, recites a secure network 
arrangement for communication between a first end terminal located in a first secure 
network and a second end terminal located in a second secure network. The first and 
second networks are separated by a relatively insecure intermediate network and a 
relatively secure intermediate network. The secure network arrangement includes at least 
one network element triggerable to refer to information held in a storage means to 
selectively route over the relatively insecure intermediate network or the relatively secure 
intermediate network a predetermined communication identified by a trigger according to 
the information held in the storage means from the first end terminal to the second end 
terminal. The secure network arrangement also includes an encryption engine for 
encrypting the selectively routed communication before it traverses the intermediate 
network. The at least one network element and the encryption engine are located 
substantially within the first secure network. 

Claim 37, upon which claims 38-40 are dependent, recites a secure network 
arrangement for communication between a first end terminal located in a first secure 
network and a second end terminal located in a second secure network. The first and 
second networks are separated by at least one intermediate network. At least one 
communication route constitutes a relatively insecure communication route and at least 
one route constitutes a relatively secure communication route from the first end terminal 
to the second end terminal. The secure network arrangement includes at least one 
network element triggerable to selectively route a communication from the first end 
terminal to the second end terminal over the relatively insecure communication route or 
the relatively secure communication route. The secure network arrangement also 
includes an encryption engine for encrypting the selectively routed communication before 
it traverses the relatively insecure intermediate network. The at least one network 
element and the encryption engine are located substantially within the first secure 
network. 

Claim 41 recites a method for the distribution of security information between a 
first node in a first secure network and at least one second node in a second secure 
network. The first and second networks are separated by a relatively insecure network. 
Communications from the first node to the at least one second node via the relatively 
insecure network are encrypted. The method includes providing at least one network 
element operable to store security information and triggerable to distribute the security 
information in a secure manner from the first node to at least one target node in the 
second secure network. 

Claim 42, upon which claims 43-54 are dependent, recites a network arrangement 
for the distribution of security information between a first node in a first secure network 
and at least one second node in a second secure network. The first and second networks 
are separated by a relatively insecure network. Communications from the first node to 
the at least one second node via the relatively insecure network are encrypted. The 
network arrangement includes at least one network element operable to store security 
information and triggerable to distribute the security information in a secure manner from 
the first node to at least one target node in the second secure network. 

Claim 56 recites a network arrangement for the distribution of security between a 
node in a first secure network and at least one node in a second secure network. The first 
and second networks are separated by a relatively insecure intermediate network. The 
network arrangement includes, in at least one of the first and second secure networks, at 
least one network element operable to store security information and triggerable to 
distribute the security information to at least one target node in the second secure 
network. The network arrangement also includes an encryption engine for encrypting a 
communication before it traverses the relatively insecure intermediate network. 

As discussed in the specification, certain embodiments of the present invention 
enable subscribers to benefit from a secure network service customized according to their 
own preferences. First and second secure networks are separated by a relatively secure 
intermediate network and a relatively insecure intermediate network, and a 
communication is selectively routed over one of these networks. Predetermined types of 
communication may be selectively routed over the relatively secure intermediate network 
or the relatively insecure intermediate network depending on information held in the 
storage means. Additionally, certain embodiments of the present invention enable a 
network element and the encryption engine to be located substantially in the first 
network. Thus, encryption circuitry requirements may be reduced. It is respectfully 
submitted that Jacobson and Boyle, when viewed either singly or in combination, fail to 
disclose or suggest all the features of any of the presently pending claims. Therefore, the 
cited references fail to provide the critical and unobvious advantages discussed above. 

Jacobson relates to a network local security bridge for bridging first and second 
sides of a network. Referring to Figure 1 of Jacobson, one network, Ethernet network 
100, is shown having secure zones 108-1 to 108-3. A bridge 104-1 is provided for 
linking side 1 and side 2 of the network. Depending on the destination or source address 
of the packets received at bridge 104-1, the packets are filtered, and are encrypted before 
forwarding. Bridge 104-1 includes a number of filter tables, such as Ethernet address 
filter table 224-1, that is used to filter packets received dependent on the Ethernet 
destination address of a packet. For example, Jacobson describes first side packets only 
being encrypted by the local security bridge if their destination address is within the 
remote secure zone, but not being encrypted if their destination address is within a remote 
insecure zone. Second side packets are decrypted if they originate from the remote 
secure zone, but not if they originate from an insecure zone. After any necessary 
encryption or decryption, first and second side packets are transmitted to their destination 
by the local security bridge. 

Boyle relates to an apparatus and method for providing network security. Boyle 
describes a secure network interface unit (SNIU) that controls communications between a 
respective host or user computer unit, and a network at a session layer of interconnection. 
Referring to Figure 2, Boyle shows a type "a" network using labels, a type "b" network 
using labels, and a public network. The networks are separated by a bridge, gateway and 
guard, each of which forms a SNIU. A bridge SNIU is used between two private networks 
using the same security labeling semantics but operating at two different protection levels. 
The gateway SNIU is used between two networks using different security labeling 
semantics. A guard SNIU is used to support communication between a private network 
and a public network. According to Boyle, one network may use the labeling terms "top 
secret," "secret," "confidential," and "unclassified," while a second network uses "most 
secret," "secret," "restricted," "confidential," and "releasable." 

Applicant submits that the cited references do not disclose or suggest all the 
features of the pending claims. For example, applicant submits that neither Jacobson nor 
Boyle discloses or suggests secure networks separated by a relatively insecure network and 
a relatively secure network. Jacobson describes only one network, or Ethernet network 
100. Claim 1 of the present application, for example, may include four networks. 
Further, Jacobson describes only one route being provided between one end zone and any 
other end zone, whether the zone is secure or insecure. Boyle also fails to disclose or 
suggest the feature. Thus, Jacobson and Boyle do not disclose or suggest first and second 
secure networks separated by a relatively secure intermediate network and a relatively 
insecure intermediate network. 

The Office Action states that Jacobson teaches a network with a local secure zone 
and a remote secure zone bridged by a local security bridge. What the Office Action fails 
to address is that in any event, Jacobson teaches only one network, not a plurality of 
networks. Thus, Jacobson does not teach what is recited in the claims. 

Applicant also submits that the cited references fail to disclose or suggest 
selectively routing, over one of the relatively insecure intermediate network and the 
relatively secure intermediate network, a predetermined type of communication. Further, 
applicant submits that the cited references do not disclose or suggest selectively routing a 
packet over one of a relatively secure intermediate network and a relatively insecure 
intermediate network by a network element triggerable to refer to information held in a 
storage means. For example, as discussed above, Jacobson describes using one network 
with a bridge linking two sides of the network. A packet is filtered, and in some cases 
encrypted, according to filter tables and depending on the destination address of the 
packet. Applicant also submits that the cited references do not disclose or suggest 
storage means to selectively route the communication. Instead, for example, Jacobson 
describes using the destination address and the filter table to route a packet. Applicant 
submits Boyle also does not disclose or suggest these features. Thus, applicant submits 
that the cited references do not disclose or suggest at least these features of the pending 
claims. 

The Office Action does not explicitly indicate how Jacobson teaches these 
features, and since some of these features are predicated on the presence of a plurality of 
networks, as opposed to Jacobson's single network, it is unclear how they could be 
construed to be taught by Jacobson. 

The Office Action states that Jacobson does not "explicitly point out the 
distribution and/or routing of security information between the first network and the 
second network." Applicant submits that Boyle, either alone or in combination with 
Jacobson, also does not disclose or suggest the feature of routing security information. 
As discussed above, Boyle describes data classified as "secret" or "most secret" being 
distributed between networks. Boyle, however, does not disclose or suggest the 
distribution of security information between networks. Applicant submits that the data 
with a high security rating or clearance of Boyle does not disclose or suggest security 
information that defines security parameters. For example, security information, as 
claimed, may include encryption/decryption information and electronic cash bit strings. 
Applicant submits that Boyle fails to disclose or suggest the distribution or selectively 
routing of security information. Thus, Jacobson and Boyle fail to disclose or suggest at 
least these features of the pending claims. 

Applicant notes that the arguments relating to security information as opposed to 
confidentiality classifications (such as secret, most secret, etc.) remain unanswered and 
unaddressed by the Office Action. Applicant notes that the ordinary meaning of 
"security" in the realm of network security does not include confidentiality classifications 
used to classify secrets. There is nothing in the present specification that would lead one 
to conclude that the ordinary meaning of the term "security" has been altered by the 
Applicant, and therefore the accidental use of the term "security" with a different 
meaning in Boyle is not a proper basis for rejecting the claims. 

Thus, applicant submits that the cited references do not disclose or suggest 
"selectively routing, over one of said relatively insecure intermediate network and said 
relatively secure intermediate network, a predetermined type of communication identified 
by a trigger from the first end terminal to the second end terminal over said relatively 
insecure intermediate network by means of at least one network element triggerable to 
refer to information held in a storage means," as recited in claim 1. Claim 27 recites "at 
least one network element triggerable to refer to information held in a storage means to 
selectively route over one of said relatively insecure intermediate network and said 
relatively secure intermediate network." Applicant submits that the cited references, 
either alone or in combination, do not disclose or suggest at least these features of the 
pending claims. The remaining independent claims recite subject matter similar to claim 
1 and/or claim 27 and are allowable for at least the reasons given above. Thus, for at 
least the reasons given above, the remaining independent claims 26, 27, 37, 41, 42 and 56 
are not disclosed or suggested by the cited references. 

Claims 2-23 and 28-36 and 38-40 and 43-54 are directly or indirectly dependent 
upon the independent claims discussed above. The dependent claims are allowable at 
least for the reasons given above, and because they recite subject matter in addition to the 
subject matter of the independent claims. Thus, it is submitted that claims 1-23, 26-54 
and 56 are not disclosed or suggested by the cited references, either alone or in 
combination. Applicant respectfully requests that the obviousness rejection of these 
claims be withdrawn. 

Claims 24 and 59 were rejected under 35 U.S.C. §103(a) as allegedly being 
unpatentable over Jacobson in view of U.S. Patent No. 6,421,339 (Thomas). The Office 
Action took the position that Jacobson does not teach providing the routing and/or access 
point to a subscriber in a visited network by virtue of a roaming agreement between the 
operator of the visited network and the operator of the subscriber's home network. The 
Office Action then took the position that Thomas taught those features of the claims 
missing from Jacobson. Applicant respectfully traverses the obviousness rejection and 
submits that the cited references, either alone or in combination, do not disclose or 
suggest all the features of the presently pending claims. 

Claim 24 depends directly from claim 1. Claim 1 is summarized above. 
Applicant submits that claim 24 recites the features of claim 1, and also recites the 
features of the selectively routing step including providing the routing to a subscriber in a 
visited network by virtue of a roaming agreement between an operator of the visited 
network and an operator of the subscriber's home network. 

Claim 59 depends indirectly from claim 1. Applicant submits that claim 59 recites 
the features of claim 1, and also recites the features of the providing step including 
providing the access point to a subscriber in a visited network by virtue of a roaming 
agreement between an operator of the visited network and an operator of the subscriber's 
home network. 

Thomas relates to methods and systems for call-forwarding. Thomas describes a 
compliant data packet network with a registering function whereby home-based users are 
identified separate from visiting users having other networks as home bases. The user 
location data of Thomas may be retrieved and modified as those users roam to other 
compliant networks and register with a gatekeeper at that visited network. The 
registration of a visiting user with a visited gatekeeper includes the process of assigning a 
transient identity to the roaming user, obtaining confirmation from the home gatekeeper 
that roaming is authorized when registering the roaming user's present address and 
transient identity at the home site so that calls received at the home network can be 
directed to the user at the visited site. 

Applicant submits that Jacobson and Thomas, either alone or in combination, do 
not disclose or suggest selectively routing, over one of the relatively insecure 
intermediate network and the relatively secure intermediate network, a predetermined 
type of communication identified by a trigger from the first end terminal to the second 
end terminal over the relatively insecure intermediate network by means of at least one 
network element triggerable to refer to information held in a storage means. Thomas 
describes home-based users being identified separate from visiting users having other 
networks as home bases. Thomas does not disclose or suggest selectively routing a 
predetermined type of communication over a relatively insecure intermediate network by 
means of one or more network elements according to information in a storage means. 
Therefore, applicant submits that Thomas, either alone or in combination with Jacobson, 
does not disclose or suggest all the features of the pending claims. 

Further, claims 24 and 59 are directly or indirectly dependent upon independent 
claim 1. If an independent claim is nonobvious, then any claim depending therefrom also 
is nonobvious. MPEP 2143.03. Because independent claim 1 is nonobvious over the 
cited references, claims 24 and 59 also are nonobvious. Thus, claims 24 and 59 are not 
rendered obvious by the cited references and applicant respectfully requests that the 
obviousness rejection be withdrawn. 

Conclusion 

Accordingly, for the reasons explained above it is respectfully submitted that each 
of claims 1-24, 26-54, 56, and 59 recites subject matter that is neither disclosed nor 
suggested in the cited art. It is therefore respectfully requested that claims 1-24, 26-54, 
56, and 59 be allowed, and that this application be passed to issue. 

If for any reason the Examiner determines that the application is not now in 
condition for allowance, it is respectfully requested that the Examiner contact, by 
telephone, the applicant's undersigned attorney at the indicated telephone number to 
arrange for an interview to expedite the disposition of this application. 

In the event this paper is not being timely filed, the applicant respectfully petitions 
for an appropriate extension of time. Any fees for such an extension together with any 
additional fees may be charged to Counsel's Deposit Account 50-2222. 



Respectfully submitted, 